ntk writes "Glenn Greenwald from Salon has a long, informative interview with Cindy Cohn, the EFF attorney leading the suit against AT&T over their warrantless wiretapping of their customers. It talks about why the White House is pushing for retroactive immunity against the telco, what the suit has revealed so far, and how little Congressfolk appear to know about how Internet traffic is being monitored."

Actually, Qwest probably wasn't involved with the spying. The CEO, Nacchio is being pursued by the SEC apparently in retaliation for declining to spy illegally. Naturally, his attempts to bring this up at the trial are being quashed.

The public needs to understand and accept the fact that neither telcos nor governments are trustworthy. Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto. GPG, OpenSSL and OpenVPN are just a few free open-source toolkits available to provide secure ways to communicate without having to worry about the trustworthiness of the pipe between here and there.

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself. As a matter of practice, stick your letters in an envelope instead of waiting for the postmaster general to outlaw literacy of postal employees.

I agree with what you said. The same technique also works to evade the great firewall of China. The mentioning of OpenSSL also implies that HTTP should go over TLS whenever possible, as long as you trust the website for properly handling your data. That means websites should provide an HTTPS version. There is a problem, though. Many websites on the web are name-based virtual hosts. SSL doesn't work on them because you have to exchange the certificate, which is site specific, before sending the Host header th

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself.

As long as those tools are legal. The US already has ridiculous export restrictions on crypto (as though people in other countries aren't capable of writing this stuff on their own!) and IIRC, the UK government has argued for a central, government-run crypto key database, such that it would be illegal to encrypt anything in a way that law enforcement can't immediately crack. What's naive is thinking that just because the tools exist, you'll always be able to use them without getting your door kicked down in the middle of the night, a flashlight shined in your face as you're hauled out of bed and cuffed, and a booming voice asking, "Citizen, what are you trying to hide?"

Short of armed revolution, which is not something that any sane person should want to become necessary, our best defense against government intrusion is to get politicians on board. Laws protecting citizens from abuses of power can and do work; for most of its existence, the Bill of Rights has been a sterling example. On those occasions when the government chooses to disregard these laws, it is the responsibility of We The People to put it back in its place -- and it is far preferable to do that with ballots than with bullets.

Short of armed revolution, which is not something that any sane person should want to become necessary

Most people wouldn't consider Thomas Jefferson to be insane, and yet he would consider us long overdue for a rebellion. I think the problem may have gone too far, the rot set in too deep, for political/legal measures alone to have much effect. I know some people that left the FBI because of what they saw happening there, because of the kind of people that are working there now. It's not good, and if the

Jefferson was quite sane, and he knew that things had indeed gone beyond a political solution. But it should take a lot before anyone ever gets to that point. There had been mutterings about rebellion in the Colonies since at least the 1720's, but except for isolated local incidents (which were quickly crushed) it never came to anything before 1776, and up through 1770 or so most people thought, quite rightly, that the idea was pretty dumb, because the Colonies simply didn't have the resources to make it work.

Americans often don't realize how profoundly lucky we were, I think. Ours could very easily have been one in the long, depressing series of wars of colonial liberation in which the colonists Throw Off The Hated Chains Of Oppression only to descend into dictatorship. We were lucky that Washington didn't want a crown, lucky that it was Washington rather than Arnold who ended up as the hero of the day, deeply lucky that the authoritarians among the Founders generally didn't get their way. A million things could have gone wrong; we threaded the needle and -- just barely -- got it right. Meanwhile, South America and Africa have provided many tragic examples of how difficult this is.

Also, our "Revolution" was a war of colonial liberation, not a revolution in the ordinary sense; as bad as colonial rebellions often are, internal revolutions, attempts to replace a government in place by armed force, are generally worse. To tell the truth, I'm not sure I can think of a single example that's really worked out well -- and the ascending scale of horror represented by the English Civil War, the French Revolution, and the Russian Revolution show how easily they can work out badly.

Sometimes revolution is the best of several bad choices, yes. But that's the best it can ever be. People who talk about it casually have no idea what they're playing with.

They're playing with fire, no argument. I don't think you're giving enough credit to the Founders themselves, so far as our needle-threading is concerned, but you're right that we were remarkably fortunate they were there at that point in history. In any event, avoiding the violent fate suffered by so many other national governments depends upon our continuing ability to influence our government via legal process. That's being taken away from us, at an accelerating pace. Granted, it's our own fault, but that is what is happening. So what do we do? About the only influence most of us have are a. casting our votes and b. writing our Congresspersons. That doesn't seem to be enough anymore, although I certainly agree that we're better off with a political solution rather than a violent one.

What concerns me is the common attitude that "This is America, such things just can't happen here!" We're not bulletproof, our economy isn't powered by magic. Right now most of us have far too much to lose to even consider armed overthrow of the United States Federal Government. I know I do: the political and economic collapse of my country wouldn't do me personally any good. But, what happens when a significant number of us don't have anything left to lose? There's plenty of historical examples of what happens when an economy fails to provide for its people.

I imagine that if we were to ask Ben Franklin what he might think of our government today as compared to 1776 that he would be alarmed at the volume of attorneys presently holding office at all levels of our government. I somehow feel that this possibility was never envisioned by our founding fathers.

To tell the truth, I'm not sure I can think of a single example [of armed revolution] that's really worked out well -- and the ascending scale of horror represented by the English Civil War, the French Revolution, and the Russian Revolution show how easily they can work out badly.

True. However, in some cases government replacement can be accomplished through force of social pressure without recourse to armed conflict. You should look up the ouster of Slobodan Milosevic. Most of the USA forgot about the

We're also lucky that Aaron Burr put a pistol ball right through Al Hamilton's liver. Hamilton was a true and complete authoritarian whose continued influence could well have turned the USA into a near dictatorship in short order.

It's also a lot easier. People do a lot of bitching, but every election day, they say, "More oppression, please." When 99% of the voters say that our current government is pretty close to optimal, I somehow doubt that armed revolution could succeed. It would take a lot of bullets.

Ignoring what the government does just because you can encrypt things at the moment is foolish.

I might add that if anyone had an interest in cracking popular encryption schemes right now, it would be the government that is trying to read every packet you touch. Things like this are never certain but I wouldn't trust my life to encryption anymore regardless of keysize or cipher length.

The use of strong encryption does not preclude defending the 4th amendment. There is no reason not to implement defense in depth to reach the goal of secure personal communications. If anything, the events of 9/11 show the weakness in relying on brittle security in any form.

Sure your internet usage you can do something to ensure some privacy, any suggestions for what the end user can do to secure their telephone calls? VoIP and instant messaging programs probably could build in PGP or something similar so that what's transmitted isn't plain text or voice but I've yet to see anything like that, why is that? A public / private key system should be easy to implement even over a standard messaging service like AIM or MSN or any of the others.

Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto.

Sadly, either the crypto has to be built into the product, in which case the gov will either outlaw it or demand back doors, or you are faced with the same situation that secure email has always been in, i.e. for every person willing to encrypt there are a thousand who don't understand it, don't care, or are just too lazy.

The public needs to understand and accept the fact that neither telcos nor governments are trustworthy.

People keep throwing out this "cain't trust the gummint" garbage without realizing that the government is supposed to be us.

If Americans would just stop basing their vote on the rantings of Right-Wing radio idiots and start exercising their ability to influence the people we elect, we might actually be able to have a little trust in the government, in ourselves.

The authoritarian plutocrats have been spending billions to create this nonsense that government is the root of all evil, and if we'd just put all the power in the hands of corporate managers, life in America would be utopia. It's actually become conventional wisdom now that the private sector can do everything better than the public. The problem is, our experience with insurance companies, communication companies, energy companies, the very biggest of the big corporations, is uniformly horrible. But now we're supposed to happily turn over health care to those same insurance companies, media to those same communication companies (think of your cable provider) and the fuel of our lives over to Exxon.

I don't know about you all, but the last time I went to the DMV here in Chicago to renew my driver's license, it was a quick, inexpensive and efficient process. I was in and out in less than 15 minutes. I went to the DMV because the Secretary of State of Illinois sent me a timely letter telling me that my license was about to expire, and giving me instructions as to what I should bring and where I should go.

How was your last interaction with your insurance company?

I'm thoroughly sick of hearing people stridently assert that government can't do anything right. If any part of that is true, maybe it's because a certain segment of our ruling class and their corporate masters have been working and spending hard to destroy that very government, hoping that we'll happily open our wallets and our lives to them so they can do it right.

Maybe we ought to think about saving our government as created by our founding fathers with our Constitution before we decide to turn over control of our lives to the corporate sector, who, when it comes down to it, cares a lot more about their quarterly profits than about our welfare.

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

It's certainly not the monster of red tapes and conspiracies it's become. Distrusting this particular form of government so that the government our founding fathers intended (and the one we deserve) can again flourish is the most patriotic thing any American can do.

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

The government our founding fathers intended is supposed to be of, by and for the people. The government our founding fathers intended was supposed to always get warrants before performing any searches of citizens or property. The government our founders intended had three co-equal branches of government. Oh yeah, the government our founders intended gave no rights to A

I'm sorry, I have unfairly put you in a category in which you may not belong. I'm with you. It's time for us to show a little resistance to what our government has become. But remember one thing, when the founders said government was "supposed to stay out of our way", they were referring to individuals. Corporations have stretched the definition of "individual" to include them, and the definition of "speech" to include "money". Especially today, when multi-national corporations are increasingly not us, w

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

It also had no concern for civil rights, women and blacks voting, workplace safety, food and drug safety, building codes, emergency services, primary education, universities, or environmental protections. Its main provisions were contract enforcement, crime punishment, and military action.

Governments like the original Constitution still exist today, but you probably wouldn'

Comcast already QoS de-prioritizes encrypted traffic, how many years until it will be socially acceptable to outright drop it 'in the name of terrorism'?

Yeah, you'd break a few popular apps at first, but it's entirely possible to do l7-filtering and only allow SSL connections by certain keys, so you could still allow the big names in https (banks, webmail, etc) while blocking self signed certs and others.

The public needs to understand and accept the fact that neither telcos nor governments are trustworthy.

And neither — to judge from the article — is the EFF... And here is why.

Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto. GPG, OpenSSL and OpenVPN are just a few free open-source toolkits available to provide secure ways to communicate without having to worry about the trustworthiness of the pipe between here and there.

I see a lot of criticism about these telecoms cooperating without warrants with the government. I don't think it is as bad as ISPs cooperating with private agencies like RIAA without a warrant. One might argue that the government could at least have some shadow of the public good in what they do. The RIAA is completely self serving.
If the government is called into question for these activities, then maybe it will cascade down to privacy concerns that don't get as much press.

What Bush & Co have been doing is legal, at least according to the letter of the Constitution. The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch.

If you have a problem with this, then you have a problem with the Constitution. Maybe the Constitution needs to be changed to support civil liberties even in time

The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch.

Can you provide a citation on that? Article I, Section 9 states "The privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it." -- but that is in Article I, which lays out the powers and limitations of Congress, not the President. Article II describes the role of the President, and I honestly can't see anything there that backs up your claim. (Not to mention that the US is neither in a state of rebellion nor being invaded at the moment.)

* This is not a war. Constitutionally, Congress reserves the right to declare war, and they have not. The "AUMF" is not a formal declaration of war. No other circumstances stipulated in the Constitution authorize the suspension of Habeas Corpus.

* The 2000 and 2004 elections both elected the Democratic candidates, and were overturned by electoral fraud favoring Republicans. If you want to imply that we get the government we deserve, then you only have the rather weak form of the argument that says we elected a government prior to those elections that didn't care to pursue and remedy electoral fraud.

Don't get me wrong; there is a frighteningly significant number of Americans who still support "mister 26%". Indeed, the only reason that electoral fraud is a viable tactic is that the country was so evenly split in previous elections. But what if the election were held today, after almost 3 years of a unitary executive who is almost completely unaccountable to the People or its Congress? If the People were voting for anything, it was what was apparent to them from the first four years of the Bush presidency, before Gonzales' USA firings, before the exposure of warrantless wiretaps, before the Plame outing, before the "surge", before Katrina, before the Military Commissions Act, and before the SCHIP veto. I could go on, obviously.

Just because our previous elections have been contentious does not mean that the system is not broken, or that it has not been compromised by corrupt interests. The Rovean Culture War is not a sign of a healthy democratic republic.

Even though Congress hasn't officially declared war, the mantra in Washington is that we are at war. With a noun. And this stretched definition of war ("We are constantly under threat of invasion by terrorists!") is sufficient to convince the Supreme Court, the Congress, and the Executive branch that the suspension of liberties is not illegal, per se. Yes, it is probably against the spirit of the Constitution, but that's hard to prove. Even so, you'll have people who would argue that if the founding fathers could have foreseen Islamic terrorism, they would have included it in the Constitution as well.

The interesting thing, though, is that Clinton was impeached for lying about having "sex" with an intern, while GW has misinformed the Congress and the whole United States about WMD, and Congress does nothing.

So, IOW, we've elected a bunch of spineless Senators. While you might be able to claim election fraud wrt to Presidential elections, it would be quite a stretch to claim the same for the Senate, especially considering the majority party is the Democrat Party.

So where is the voter outrage? Why hasn't GW been called on the carpet in the same way as Clinton? Do you really expect us to believe that the Democrats are part of the conspiracy as well?

It just might be that America is getting the government they deserve. The system of checks and balances is either completely broken, or our current situation is the result of indifference, or perhaps even support for, the "illegal" spying program. (As IANAL, I don't know if the program is legal or not, but I do know that I certainly don't like it.)

And it should be taken for granted that corrupt and partial interests are trying to control government. But we as the voters have the responsibility to root out corruption. Sadly, it appears that all too many Americans are content to endorse the Bush interpretation of the Constitution. Even the Democrats.

I agree with what you are saying and adding that the "financial contributions" to the congress persons from companies and associations such as the RIAA, MPAA, etc. have great sway with the decision makers and cause them to lose sight that they are our sworn representatives. It is as if the whole goal is to stay in office by saying anything necessary whether it is really intended to be pursued or not. My personal opinion is that an Association/Company should not be permitted to donate money which is merel

Worse, we've elected a bunch of senators who expect their party to gain all the powers Bush has usurped. I'm actually leaning just a trifle towards Democrat of late because there have been at least some real efforts to rein in the abuses, and we have a few true statesmen (of either gender) up there, but it looks like the party as a whole has decided to keep everything Bush is about to leave them.

Excuse me? Last I recalled the only opposition to Bush in the last election conceded. He wasn't elected, he WON BY DEFAULT. I don't call that an election, I call that handing the keys over to a drunk driver.

What Bush & Co have been doing is legal, at least according to the letter of the Constitution. The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch.

Uhh, no. You're wrong. Read up on Ex Parte Merryman, which specifically says that the president "cannot suspend the privilege of the writ of habeas corpus, nor authorize a military officer to do it."

If you have a problem with this, then you have a problem with the Constitution. Maybe the Constitution needs to be changed to support civil liberties even in times of war; maybe the American people believe terrorism warrants this erosion of civil liberties. Regardless, in a democracy, people get the government they ultimately deserve - you, and every other voter, chooses the President and members of Congress. If you feel your liberties are being unfairly compromised, rather than blaming Bush & Co (or Congress, who despite having a Democratic majority, continues to support the President), blame your fellow Americans. They elected Bush not once, but twice. If their civil liberties have been eroded, they have no one to blame but themselves.

The point of a constitutional government is that no matter how stupid the majority is, they still can't trample on the essential rights of the minority. And as far as electing Bush twice, many would disagree that that's the case (though at this point it's purely an academic debate).

Rather than whine about how our liberties have been eroded, we need to take the issue to the public, and present it in terms the average American can understand. And if you can't make it relevant to the average American, maybe the issue is not that important.

If the White House didn't like the laws, they should have asked for revisions or new ones. They could have gotten them in the "rubber-stamp" Republican congress, but they waited for years and until after the programs were publicized. The government may have a legit reason, but the problem is that it's rife with potential for abuse. As far as I'm concerned, that potential is always a good reason to narrow down and eliminate any chance that a law is used for something other than the stated intention. If they don't expect to use a law in a certain way, then make sure it is worded such that it doesn't get used in that way.

I think there's a fair chance that this sort of surveillance is used against legitimate protesters too. Maybe the White House would protest that suggestion, but really, if they want me to trust them, they need to earn that trust and allow independent oversight. The other problem I have with the White House is that they seem to be very reluctant about that.

If you dig deep enough you'll see Verisign/Netsol was founded by ex SAIC staffers. SAIC is sort of a retirement home for ex intelligence types. Even later hires at netsol came from the intelligence community.

I did some work at netsol almost a decade ago (writing diagnostics for the registry/registrar protocol). Those dudes are seriously smart people and good at what they do.

It's easy to see why people hated netsol. It was full of very smart people very good at what they do.

The irony of this situation is that we have the tools to improve privacy and trust, if only the 'geek' community would focus on the doings of Certificate Authorities as a major issue instead of constantly prattling about shiny-shiny.

DailyKos is not a technology site, and the person who posted this diary doesn't understand that all Verisign normally gets is the signing request. (I'll probably post something like this there also.) They don't have your private key, they can't decode your communications.

What they could do is intercept it and man-in-the-middle it. With Verisign's help, they can trivially make a key that works in every browser. (And buying a non-verisign key won't help...end users will just be handed a 'legit' verisign one and don't know that server has a different one.)

I urge everyone with an SSL server to post the MD5 and SHA1 fingerprints of their public key, or even their entire public key, on their site and I urge people to occasionally check them against what their browser reports. Sadly, Firefox, at least, doesn't seem to actually report the public key in any usable format, and I can't see how to get the MD5 and SHA1 fingerprints from the key using openssl. If anyone has a set of step-by-step instructions, that tell exactly what to put up and how to instruct end users to check it, that would be nice to link to.

And if you have an SSL server and a Linux shell somewhere else, run 'openssl s_client -connect example.com:443' from both the server and that other place to make sure the 'BEGIN CERTIFICATE' part matches.

I seriously doubt the NSA is doing this, but it should be easy enough to notice if it is.

And, speaking of 'occasionally checking', it would be nice if there was some Firefox extension to inform you that the encryption key had changed, and what the old and new key were. If the old key wasn't due to expire, and the new key has the same date as the old, it probably means someone is running a man-in-the-middle attack. They'd keep the dates the same, along with all the other info, to make it harder to notice, whereas while someone could buy a new key in advance, they wouldn't get one with the same date as the old.
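The fingerprint check this comment asks for, as an added example that is not part of the original thread: it computes certificate and public-key fingerprints with `openssl` and flags a certificate that differs from the one recorded on first contact. The function names, the pin-file layout and the locally generated `www.example.test` certificates are assumptions made for the illustration; SHA-256 is used because MD5 and SHA-1 are no longer collision-resistant.

```shell
#!/bin/sh
# Added example. Function names, the pin-file layout and the sample
# certificates (generated locally, CN=www.example.test) are assumptions.

# Fingerprint of a whole certificate. $1 = PEM file, $2 = sha256 | sha1 | md5
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

# SHA-256 of the public key alone (DER SubjectPublicKeyInfo).
# It stays the same when a certificate is renewed with the same key.
pubkey_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Fetch the certificate a server presents. Needs network access, so the
# offline demo below does not call it. $1 = host name
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Compare a certificate with the fingerprint recorded for a host.
# $1 = host label, $2 = PEM file, $3 = pin file ("host fingerprint" lines)
# Returns 0 = unchanged, 1 = CHANGED, 2 = first sight (now recorded), 3 = error
check_pin() {
    now=$(cert_fingerprint "$2" sha256)
    [ -n "$now" ] || return 3
    old=$(awk -v h="$1" '$1 == h {print $2}' "$3" 2>/dev/null || true)
    if [ -z "$old" ]; then
        printf '%s %s\n' "$1" "$now" >> "$3"
        return 2
    fi
    [ "$old" = "$now" ]
}

# Constructed sample data: a throwaway self-signed certificate.
# $1 = output prefix; writes $1.key and $1.pem
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=www.example.test" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Constructed sample data: a new certificate for an existing key,
# as happens on an ordinary renewal. $1 = key prefix, $2 = output prefix
reissue_cert() {
    openssl req -x509 -new -key "$1.key" -days 60 \
        -subj "/CN=www.example.test" -out "$2.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_test_cert "$dir/site"               # what the operator installed
    reissue_cert   "$dir/site" "$dir/renewed" # same key, new certificate
    make_test_cert "$dir/other"              # same name, different key
    pins="$dir/pins.txt"

    echo "Publish (certificate): $(cert_fingerprint "$dir/site.pem" sha256)"
    echo "Publish (public key):  $(pubkey_fingerprint "$dir/site.pem")"

    for c in site site renewed other; do
        rc=0
        check_pin www.example.test "$dir/$c.pem" "$pins" || rc=$?
        echo "$c: check_pin=$rc pubkey=$(pubkey_fingerprint "$dir/$c.pem")"
    done
    rm -rf "$dir"
}

demo
```

Against a live server, save the output of `fetch_cert` from two different networks and compare the fingerprints of the two files; a changed certificate with an unchanged public-key fingerprint is consistent with a routine renewal.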

So does this mean that communications with my bank (just for example) could be tapped under CALEA etc., since my bank's SSL certificate is maintained by Verisign? Or is SSL still safe so long as the bank itself doesn't cough up its own private key?

Your banking SSL is open to eavesdropping if the Certificate Authority (like VeriSign) offers its resources in staging Man In The Middle (MITM) attacks. Unlike what AC said, your bank would not have to offer its private key or get involved in any way to facilitate the surveillance.

So does this mean that communications with my bank (just for example) could be tapped under CALEA etc., since my bank's SSL certificate is maintained by Verisign? Or is SSL still safe so long as the bank itself doesn't cough up its own private key?

You tell your browser to go to your bank's website. Your browser connects to Mystery Computer. Your browser has the little padlock icon. If you are one of those unusual people (i.e. a computer dork) who actually clicks on the padlock to check the cert, you s

By exploit I mean eavesdrop on (otherwise) encrypted internet traffic using the means that is available to them as a CA: MITM. They have a number of pages advertising "Legal Intercept" services.... under the expanded CALEA (voice and data having any kind of international route) what do you think this means? Any CA with a real privacy policy wouldn't get within a million miles of government eavesdropping activities. Sadly, the short-term windfall from eavesdropping contracts probably far outweighs any certifi

X.509 identities, unlike OpenPGP identities, can only have one introducer. You can be betrayed by a conspiracy of.. one. You think you're talking to your bank, or a certain store, or your webmail server, and the CA says that you are, but if the CA is a liar, you could be talking to anyone. Maybe you talk to whom you think you're talking to. Or maybe it's the government. Maybe it's the CA himself. Maybe it's the Russian Mafia.

GG: John Boehner, the House Minority Leader, was on Fox News on Sunday arguing for telecom immunity, and this is one of the things he said in explaining why he believed in amnesty: "I believe that they deserve immunity from lawsuits out there from typical trial lawyers trying to find a way to get into the pockets of the American companies."

I have no doubt that Congressman Boehner is aware of the EFF's true motivations and is deliberately spinning them. His motivation for doing so can only be to defend the Bush Administration. Most importantly, he is absolutely aware that what has happened and is still happening is illegal and he is willing to lie on national TV to defend this.
In board rooms, on conference calls, in the break room, at the pool hall down the street, people can't get away with this shit and they know they'll be called out for lying. We really need the people who are interviewing these traitors to be more aggressive. Fuck politeness, just once I want some anchorman to say "Whoa, hold the fuck on John, we all know that's bullshit."
Our elected officials (all of them) lie and spout meaningless rhetoric with impunity everyday and that needs to change. They need to be put on the spot and grilled once in a while.

Yeah, there is a reason that it will be a cold day in hell before someone like this would be willing to go on The Daily Show. It is really sad when the 'reporter' with the fewest constraints and greatest record of calling bullshit is on a comedy network.